Posted to dev@subversion.apache.org by solo turn <so...@gmail.com> on 2005/01/07 11:49:33 UTC
hotbackup and bdb log permissions, svn 1.1.1
hi,
for hotbackup, we use root's crontab to start a script containing:
/usr/lib/subversion/hot-backup.py /var/lib/svn/rep /backup/svn/
on debian, we upgraded to:
# svn --version
svn, version 1.1.1 (r11581)
compiled Dec 15 2004, 19:22:46
# wajig list-wide libdb4
ii libdb4.2 4.2.52-17 Berkeley v4.2 Database Libraries [runtime]
now (in rare cases) there are db log files with root's permission
created, which we did not notice before:
# ls -l db
...
-rw------- 1 www-data www-data 1738 2004-02-04 04:10 DB_CONFIG
-rw------- 1 www-data www-data 1048546 2005-01-07 03:00 log.0000000001
-rw-r--r-- 1 root root 1566 2005-01-07 03:00 log.0000000002
...
is this by design, or a flaw?
-solo
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: hotbackup and bdb log permissions, svn 1.1.1
Posted by Justin Erenkrantz <ju...@erenkrantz.com>.
--On Monday, January 10, 2005 10:05 PM +0100 solo turn <so...@gmail.com>
wrote:
> switching the user would be a nice idea, also for "svn recover" :)
No, it's not: you should be running the cronjob as the user who owns the
database not root. -- justin
Re: hotbackup and bdb log permissions, svn 1.1.1
Posted by solo turn <so...@gmail.com>.
switching the user would be a nice idea, also for "svn recover" :)
On Fri, 07 Jan 2005 07:55:24 -0700, Bruce Elrick <br...@elrick.ca> wrote:
> solo turn wrote:
>
> >hi,
> >
> >for hotbackup, we use root's crontab to start a script containing:
> >/usr/lib/subversion/hot-backup.py /var/lib/svn/rep /backup/svn/
> >
> >on debian, we upgraded to:
> ># svn --version
> >svn, version 1.1.1 (r11581)
> > compiled Dec 15 2004, 19:22:46
> ># wajig list-wide libdb4
> >ii libdb4.2 4.2.52-17 Berkeley v4.2 Database Libraries [runtime]
> >
> >now (in rare cases) there are db log files with root's permission
> >created, which we did not notice before:
> >
> ># ls -l db
> >...
> >-rw------- 1 www-data www-data 1738 2004-02-04 04:10 DB_CONFIG
> >-rw------- 1 www-data www-data 1048546 2005-01-07 03:00 log.0000000001
> >-rw-r--r-- 1 root root 1566 2005-01-07 03:00 log.0000000002
> >...
> >
> >is this by design, or a flaw?
> >
> >
> This happened to me with 0.35, so it is a long-running "issue".
>
> Subversion running as root does not do anything fancy to switch users to
> the owner of the BDB files. hot-backup.py opens a BDB context which
> even though it is (largely) read-only can cause a new log file to be
> created (the nature of BDB even if the action is read-only) which of
> course has root's permission.
>
> The solution is simply to either 'su' to the www-data user and run the
> hot-backup in root's crontab, or even easier, run the hot-backup in
> www-data's crontab.
>
>
Re: hotbackup and bdb log permissions, svn 1.1.1
Posted by Bruce Elrick <br...@elrick.ca>.
solo turn wrote:
>hi,
>
>for hotbackup, we use root's crontab to start a script containing:
>/usr/lib/subversion/hot-backup.py /var/lib/svn/rep /backup/svn/
>
>on debian, we upgraded to:
># svn --version
>svn, version 1.1.1 (r11581)
> compiled Dec 15 2004, 19:22:46
># wajig list-wide libdb4
>ii libdb4.2 4.2.52-17 Berkeley v4.2 Database Libraries [runtime]
>
>now (in rare cases) there are db log files with root's permission
>created, which we did not notice before:
>
># ls -l db
>...
>-rw------- 1 www-data www-data 1738 2004-02-04 04:10 DB_CONFIG
>-rw------- 1 www-data www-data 1048546 2005-01-07 03:00 log.0000000001
>-rw-r--r-- 1 root root 1566 2005-01-07 03:00 log.0000000002
>...
>
>is this by design, or a flaw?
>
>
This happened to me with 0.35, so it is a long-running "issue".
Subversion running as root does not do anything fancy to switch users to
the owner of the BDB files. hot-backup.py opens a BDB context which
even though it is (largely) read-only can cause a new log file to be
created (the nature of BDB even if the action is read-only) which of
course has root's permission.
The solution is simply to either 'su' to the www-data user and run the
hot-backup in root's crontab, or even easier, run the hot-backup in
www-data's crontab.
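Added example, not part of any message in this thread and not Subversion's own code: a shell guard that runs a backup command only when the invoking uid owns the repository's db directory, plus a check that lists files whose owner differs from the directory's owner (such as the root-owned log.0000000002 above). The function names are hypothetical; the paths in the usage comment are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example; owner_uid, foreign_owned and run_as_db_owner are
# hypothetical helper names, not part of Subversion or hot-backup.py.

# Print the numeric uid that owns PATH (parsed from `ls -ldn`).
owner_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# List regular files under DBDIR that are not owned by the directory's
# owner (or by EXPECTED_UID, if given). No output means ownership is
# consistent; any output is a file the repository's user may not be
# able to write to.
foreign_owned() {
    dbdir=$1
    want=${2:-$(owner_uid "$dbdir")}
    find "$dbdir" -type f ! -user "$want" -print
}

# Run a command only if the current uid owns REPO/db. Otherwise refuse,
# so a job started from root's crontab cannot open a BDB environment
# and leave root-owned log.* files behind.
run_as_db_owner() {
    repo=$1
    shift
    want=$(owner_uid "$repo/db")
    if [ "$(id -u)" != "$want" ]; then
        echo "refusing: uid $(id -u) does not own $repo/db (owner uid $want)" >&2
        return 1
    fi
    "$@"
}

# Usage from the database owner's crontab (www-data in the thread):
#   run_as_db_owner /var/lib/svn/rep \
#       /usr/lib/subversion/hot-backup.py /var/lib/svn/rep /backup/svn/
# Audit after a backup run:
#   foreign_owned /var/lib/svn/rep/db
```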